Might even work.

Category: Talky

Post navigation

I’ve been investigating Telstra’s T-Hub “home phone of the future”. The T-Hub is built with open source software, but Telstra do not seem to be honouring any of their legal copyright or licensing obligations.

(For the non-Aussies: Telstra is Australia’s largest telecommunications company, and is part government owned.)

Short Version

I investigated the T-Hub and found it is built on a variety of open source software, including GPL licensed software like Linux and busybox. However, Telstra are not mentioning this anywhere and are not distributing source code, or notices to obtain source code.

By doing this, Telstra are violating the licenses and also robbing the authors of their rightful attribution. They appear to be regarding open source as a free-for-all that they can exploit without giving back even the small amount required legally by the various license terms.

However, I believe that Telstra can easily take steps to comply with these licenses.

Telstra have a range of other Linux-based products, including the T-Box and a soon-to-be-released “T-Tab” Android tablet. To the best of my knowledge the T-Box is not GPL compliant either, which gives me little hope for the upcoming T-Tab.

What is a T-Hub?

T-Hub is Telstra’s “home phone of the future”. It’s essentially a tablet-like device (think Chumby with less functionality) loosely integrated with a cordless land-line telephone. The OEM product is from Sagem, although as far as I know Telstra is the only vendor world-wide.

GPL Software

The GNU General Public License is an open source “copyleft” license. Vendors are encouraged to freely distribute products built with GPL software, provided that they acknowledge the license and also provide access to the source code (modified or not) for the GPL licensed or derived portions.

A while ago I learned that the T-Hub runs Linux, which is subject to GPL.

Attempting to make contact

For over two weeks I’ve been attempting to find someone at Telstra to talk to about this. Despite best efforts (phone calls, emails), I have been unable to contact anyone with the slightest idea what I am talking about, or with the ability (it would seem) to actually find someone who knows what I am talking about.

Best quote so far, when I was transferred to tech support: “Look mate, noone calls up Microsoft and asks for their source code…” Um, sure.

Finding out myself

Frustrated, I bought an “as-new” T-Hub on ebay. First, I scoured the documentation for any mention of the software license(s):

Next, I found the URL where the device downloads its firmware. The current firmware can be downloaded directly here. The file is a JFFS2 filesystem image, which can be mounted via mtdram as described here (EDIT: you can skip the jffs2dump step if you’re on a little-endian machine like a PC.)

By browsing the filesystem of the device, I can see a range of GPL or LGPL licensed software contained within. Here is a (possibly incomplete) list. The following components are GPLv2 licensed:

Linux kernel v2.6.19.2

Busybox v1.1.3

GNU Fdisk v2.12

The device appears to be built around a Freescale i.MX31 SoC, which means that it probably also contains a GPL licensed bootloader (u-boot or RedBoot.) I haven’t taken any steps to verify the bootloader, though.

There are also LGPL licensed libraries:

GNU C Library

gstreamer v0.10

Pango

Libusb v0.1.4

The following included open source software is not GPL licensed but has a license that requires acknowledgement that it is included in the product. These notices do not appear to be included, either.

libcurl

OpenSSL (libcrypto)

Dropbear

ImageMagick v6.5.3-7

What should Telstra do?

GPL compliance is not that hard. GPL-Violations provides an excellent (and simple) vendor FAQ explaining a vendor’s obligations under GPL.

Telstra should review their use of open source in all their products, and amend their ways so they are legally compliant.

For the T-Hub, this includes adding GPL and other license and copyright notices to the product documentation, adding offers for source (or actual source code) for the GPL licensed components, and also making sure that “the tools required to compile and install the GPL licensed components” are made available.

Aside from the time this will take, I don’t see how GPL compliance could negatively impact the T-Hub product in any way. In fact, it may even provide a new market by allowing intrepid users to load different software onto the T-Hub. Of course, this is beside the point – the license terms are clear, and by choosing to use these software products Telstra must commit to honouring their license agreements.

Frequent Responses

There are a few kneejerk responses that always seem to appear in these cases, so I’m going to address them in advance:

“The source code wasn’t modified, so there was no need to comply…”

This is a misconception about GPL. The source code doesn’t need to be modified as a prerequisite for compliance.

However, the vendor doesn’t always need to distribute the source themselves. Under GPLv2 clause 3(c), they can simply redistribute an “offer to distribute corresponding source code” that they themselves received from a third party along with the binary code, provided that the vendor did not modify the source themselves.

EDIT 8/11: Glen points out in the comments that clause 3c only applies to non-commercial distribution, so it seems Telstra can’t copy someone else’s notice – they’d need to provide their own offer for source (3b) or put the source code in the box somehow (3a).

“Sagem made the device, not Telstra. They are responsible for compliance.”

It is true that Sagem made the device. However, Telstra are the legal entity who are distributing (ie selling) it. The customer’s relationship is with Telstra, not Sagem. Whatever private arrangement exists between Telstra & Sagem is not our business.

Of course, in practice, it is Sagem who will probably be responsible for providing source code and documentation in order to allow Telstra to comply. At the moment I think there are two possibilities: one is that Sagem provided enough information to ensure their compliance, and Telstra ignored that information. The second is that Sagem did not provide enough information, and are themselves in violation of the license. However, as I said before, this is Telstra’s business with Sagem, not my business or the business of any of Telstra’s customers.

This one always baffles me. Via GPL/LGPL a company can get access to a complete world-class operating system with libraries for almost any conceivable use. They get this at no monetary cost, without needing to negotiate any license agreements or pay a cent to anyone. Better yet, all of the software comes under a single license so the legal department only needs to read and understand one or two documents. The company is then welcome, even encouraged, to build end-user software on top of this OS & libraries, bundle it all into their products and sell it at a profit.

The only thing a company is asked to do is acknowledge the open source components, and make source available. That’s the sole cost to a vendor like Telstra, for an entire software ecosystem. I believe the GPL can make no claim on any of Telstra’s original contributions to the T-Hub, such as the custom HTML UI, which are not derivative works of any open source software. None of that source needs to be released, unless Telstra wants to release it. There’s no risk that Telstra will somehow lose any competitive advantage they have in this product, via open source.

Yet it seems to be all too hard. Why is that?

Alternatives to T-Hub

If you want to buy something like a T-Hub (“kitchenputer”), but want a product that respects copyright law, then I recommend checking out Chumby for starters. Chumby Industries are a terrific company when it comes to open source. Internode sell chumbys in Australia (no Chumby One yet, though. :(.)

What am I doing next?

I’m going to notify as many rights-holders as I can find for the software mentioned above, and encourage them to formally contact Telstra.

I’m not sure what I’m going to do personally with my ebay T-Hub. I’m not a Telstra customer, so it’s more or less useless in its current form. So far I haven’t found any way to load custom firmware, without spoofing Telstra’s update web server (although I haven’t taken mine apart to look for a serial console.)

I thought it might make a good Android tablet, but it has a resistive touch screen and it also probably doesn’t have enough physical buttons for a good Android user experience. Plus for the same money I could buy a OMAP3-based Android tablet with a Cortex A8 in it (newer than the ARM11 CPU in the T-Hub.)

So… it’s probably going back on ebay. Unless anyone wants to buy a nearly-new T-Hub? I can’t guarantee the sale will comply with any licenses, though. :D.

This post is about how I became a self-loathing iPhone owner, and decided to switch to a device that noone has ever described as “revolutionary”, “amazing” or “magical”.

I’ve replaced my iPhone 3GS with a Nokia 2323 Classic. A $70AU ($63US) phone based on eight year old technology.

Why?

First, the obvious reasons. I’ve been increasingly uncomfortable with Apple’s monoculture. I’ve never liked their closed approach to device ownership. Even though my two iPhones have been jailbroken, I’ve bought apps – contributing money to the App Store economy. I’ve also contributed to Apple’s iPhone bottom line. All rewarding a business model that I don’t agree with at all.

Pushing matters to a head, three months ago I replaced my Macbook Pro with a PC running Ubuntu. I discovered that iPhone ownership is a lot less seamless when you don’t have OS X to coordinate everything.1

Given all this, and my general love of gadgets and technology, you would expect that I would choose an Android phone. One of the more open models. I thought very hard about picking up a Samsung Galaxy S (especially now Cyanogenmod supports it) or even a Nokia N900, the ultimate geek pocket gadget.

That isn’t really it, though…

It’s psychology & culture

I don’t like the person that the iPhone encourages me to be. I don’t like reaching for it over and over, checking Twitter or scanning my email boxes with every idle moment. I don’t like how quiet moments of reflection get replaced with boredom that there’s nothing new on the Real Time Web. I don’t like that most days I spend more than ten hours in front of a computer, but I still feel the need to carry one around in my pocket. I don’t like taking my iPhone out during meetings or conversations. I don’t like “the iphone effect”.

These kind of phenomenons have been written about over, and over, and over. In pieces ironically intended for online consumption, a variation on the standard “moral panic” and “technology shock” opinion genres. Nevertheless, parts of the articles ring very true for me. My personal favourite writing is from the blog Tweetage Wasteland. Go read it (really, do!)

In fact, reading comments about a Tweetage Wasteland post on HN was when this really struck home to me:

(angusgr is me, BTW.)

The underlying assumption is that idleness is necessarily wasteful, and why would anyone want it? Consequently, consuming information is a more fulfilling form of activity than just being inside your own head. I don’t think I agree.

Since getting an iPhone I don’t read books nearly as often as I used to. I don’t sit and stare into space quietly, thinking about whatever happens to be on my mind. I don’t pay as much attention to the world around me. I miss all those things.

It’s Not You, It’s Me

Of course none of this is the iPhone’s fault. Smartphones are just tools, plenty of people don’t have this problem at all. If I had better self control then I’d just curb my use. In my case, I think the problem is smartphone ownership combined with N.A.D.D. (Nerd Attention Deficit Disorder.) An iPhone is like a “New Tab” browser menu, for your life.

Observations on going Classic

Some observations about being back with a Classic Nokia after 2 years in iPhone land:

The Nokia is tiny, and light. It doesn’t need its own reserved pocket in my jeans any more.

Sound quality and volume are both better, when you’re actually using it as a phone.

Standby time up to 17 days. Days. No more having to charge every night.

My muscle memory for typing quickly on T9 keypads is gone, but I think it will come back.

Syncing calendars and contacts was not overly painful, even from Linux. Being able to automatically sync via Bluetooth is neat.

Things I Will Miss

Always having a camera to substitute for remembering or writing down details.3

Instapaper. Although I don’t use it much now that I don’t have a regular commute.

The “Notes” application. Will need to make a habit of carrying a notebook more often.

Do I need a mobile (“cell”) phone at all?

I think so. Even though I no longer have a job that requires me to be available on-phone at weird hours (another plus for ditching the iPhone), mobile phones are embedded in my generation. My partner, friends, and colleagues would all be put out if I ditched it entirely. Besides, they’re pretty useful devices to have.

Experiment

I’m terming this an experiment because in a month I might decide that I’m an idiot, and I’ll go buy a Galaxy S. Expect a follow up blog post if that’s the case. My partner certainly looked at me in total disbelief when I told her this plan. “Just get the Android one, you’ll be happier that way.” She may well be right.

Please don’t misread this post as either pro- or anti-Apple. I like Apple’s products, I think the iPhone & OS X both offer a great user experience. I really don’t like the things mentioned above. [↩]

Nokia are marketing the 2323 as “fully connected” and it has the Ovi app store and email and a miniature web browser and blah blah blah, but I don’t want a part of that. [↩]

Although I now have enough room in my pockets to carry my Canon S90 camera more often! [↩]

This is intended for people interested in hacking on the kernel. If you’re interested in just running Linux on VT/WM netbooks, there is bento-linux and their forums. For tablets, there is slatedroid.com. Both are great communities.

This year a slew of companies have launched competing Android tablet devices. A lot of rhetoric has been spun about how Android’s open source ecosystem gives manufacturers and consumers an advantage.

Android is open source; it can be liberally extended to incorporate new cutting edge technologies as they emerge. The platform will continue to evolve as the developer community works together to build innovative mobile applications. (Open Handset Alliance)

Unfortunately, the current crop of Android tablets aren’t nurturing open source at all.

Android Tablets

With the exception of Barnes & Noble’s Nook e-reader, a device that isn’t even really a tablet, I couldn’t find a single EDIT: I found one tablet manufacturer who was complying with the minimum of their legal open source requirements under GNU GPL. Let alone supporting community development.

EDIT 2/9: Benmars posted in the comments that Archos have now released GPL source code for the Archos 7 Home Tablet. This looks to be a full kernel source release for the Rockchip RK28xx SoC, and even includes includes a prebuilt linux-x86 cross-compiler toolchain. Thank you Archos!

EDIT 31/7: In the comments, xauieous points out that while Archos have released GPL source for the ARM11/OMAP2 based “Archos 5 Internet Tablet” (aka Archos Generation 7), they are not complying with GPL for the ARM9 based “Archos 7 Home Tablet”. The contents of the “Generation 7” kernel tarball seem to bear this out. Xauieous claims Rockchip are holding out on the source for the Archos 9 Home Tablet, same as Apad.

Also, personal note to Archos: Please get a less confusing naming scheme!

EDIT 26/7: Zebul posted a comment and drew my attention back to Archos’ GPL download section. I originally thought these were all just media player firmwares, but it turns out “Archos Generation 7” means the “Archos 5 Internet Tablet” and this tarball is a full GPL source release. Well done Archos! To their detriment, the binary firmware does not contain any obvious GPL mention – and this may mean they are still in technical breach of the GPL. The manual doesn’t mention anything either. But it’s still streets ahead of the others. Yay Archos!

(EDIT: I posted some details here. Please leave a comment if I’ve missed any tablets, or any source releases.)

What’s this GPL?

The GNU General Public License is a “copyleft” software license. Manufacturers releasing products with GPL licensed code, like the Linux kernel that underpins Android, are required to make their changes available in source code form.

Android itself isn’t GPL. Its open source Apache license does not mandate that source code has to be made available. However, all Android systems include the Linux kernel at minimum, and may also include other GPL-licensed pieces of software that are not part of the base Android distribution.

GPL source releases for these kernels make it easier for developers to build alternative operating systems, Android or otherwise, to run on the tablet hardware. It also allows improvements and changes to flow back “upstream” to the original software authors.

Why should consumers care?

The average tablet buyer isn’t an open source developer. However, having healthy open source releases means future support for these devices is guaranteed. Currently, projects like CyanogenMod make new improvements available to old Android phones whose manufacturers have already moved on. Similar community improvements could make new releases available on tablets, even though manufacturers are no longer supporting them.

Often, community Android releases are better than the original manufacturer’s. Slatedroid & ECOTOX have been releasing customised Android versions for the Eken M001 tablet which are both faster and support more features than the OEM release. Having kernel source available can only serve to make these releases better. For the Nook e-reader, community software releases allow you to view more ebook formats on your Nook, and even add totally unexpected features like Pandora Internet Radio.

Why should tablet manufacturers care?

Most manufacturers seem to be stuck in the “vendor” mindset that their hardware should remain entirely under their control, and that anyone else working on it is a problem.

However, it seems like community development almost always adds value to the hardware by extending it and adding more features. Especially in the tablet arena where there are no carriers to insist on platform lockdown to support their business model, an open platform doesn’t seem like it carries any significant drawbacks.

Some companies, particularly the smaller Chinese ones, appear to be concerned about competitors ripping their software off into compatible hardware. From what we’ve seen with the Eken M001 though, it doesn’t seem like source availability – especially kernel source – would do much to change the situation.

Outside of e-readers, there aren’t any companies competing on custom software anyhow: for the most part the software is vanilla Android, and competition is on performance, specifications, and especially price. This seems to make an even bigger opportunity for a clever manufacturer to embrace community open-source development, and differentiate themselves from all the “me too” Android clones without incurring any actual R&D cost.

What about chipset manufacturers?

A lot of kernel development for these devices is done by the original chipset manufacturers themselves. For example, it seems like VIA authored and compiled the kernels found in all devices based on the WM8505 chipset (including Eken’s tablets and some others..) It seems like the same story is true for Rockchip, who make the chipset used in the iRobot APad & Moonse E-7001.

Chipset manufacturers aren’t required to release GPL source code to the public, provided they send sources alongside any GPL software that goes to the device manufacturer. VIA has so far chosen this path, stating all sources are released to device manufacturers (although Eken has claimed differently at least once.) In the case of RockChip, manufacturers claim RockChip isn’t even doing that much and are violating GPL themselves (see first comment).

In addition, chipset manufacturers may sometimes author custom kernel modules or other components that are not GPL licensed at all. For example, Samsung have a video acceleration kernel module that is included in the firmware for the SmartQ tablet range. These components are normally not open sourced at all.

I can think of three reasons which chipset manufacturers do not embrace open source. One is that it is simpler not to. Another is that they charge device manufacturers for access to their SDK, and preemptively releasing source takes away that revenue stream (although possibly at the expense of extra hardware sales.) The last is that they are concerned about protection of their intellectual property, although this seems unnecessary given that most of their trade secrets are captured in the hardware itself, which is in turn protected by patents.

What about Google?

Google is in an interesting position here. On the one hand, they have worked hard to make sure that above the kernel layer Android is not GPL licensed. This serves to calm worried manufacturers threatened by the idea of having to release source. It seems, sadly, like a necessary step in order for Android to receive the kind of market prominence that Google wants for it.

On the other hand, it seems hypocritical for Google to tout Android’s “open source” credentials when it seems so clear that most companies profiting from it are completely oblivious, maybe even antagonistic, to open source.

I think there may be things Google could do to encourage manufacturers to be more friendly (or at least legally compliant) with open source, without scaring them off. An idea that springs to mind, especially now Google seem to be out of the device business, is promotion & accreditation of open source friendly manufacturers who receive extra kudos and promotion from Google in exchange for giving back to the community. Some kind of base level accreditation for companies who do not violate GPL, and additional incentives for companies who give back extra to the community.

Where to from here?

There are a lot more Android devices on the horizon, from a variety of manufacturers. It is my sincere hope that, especially following the growing buzz around “open source hardware”, at least one chipset or device manufacturer decides to make a break from the pack and announce “open source friendly products & manufacturing” that includes supporting community development.

Until then, if you care about open source you may actually be better off buying an iPad than many of the devices listed above. At least Apple comply with GPL and contribute back to the open source projects that they benefit from!

I have a EKEN M001, which will not unlock the screen by pressing MENU.

I have tried reseting the EKEN M001 by pressing the Reset button on the back ofthe MID, but te screen stays unlocked.

The top of the screen says: â€œDemo Versionâ€ when the GUI appears, does this need a Operating System update. If so, hpw can this be done.

Short Answer

I think your tablet has failed its internal licensing check. Try to return it to the retailer that you bought it from. If you now connect it to the internet, it will “phone home” to a company in Shenzhen, China.

EDIT: Before you give up try connecting to the internet for a while and leave it connected. It seems like sometimes “phoning home” will verify that it’s a legit install and then the message will go away.

Long Answer

This is a coincidence, because just yesterday I was looking at the decompiled Eken libraries posted to slatedroid by ‘bushing’. Hidden in there is licensing code that verifies the Eken is running on genuine hardware. I think it works like this:

The Eken has a serial number loaded into its CPU (a WMT system parameter in the SoC.)

The serial number maps to the hardware (MAC) address of the onboard wireless adapter.

At startup, the Eken loads the serial number and compares it with the serial number it calculates from the wireless adapter.

If they do not match, it locks and throws up “Demo Purpose Only” (possibly “Demo version has expired” on the latest firmware.) It will also continually try to “phone home” with some details about the device (see below.)

I think all of this is to prevent someone putting their firmware into another device, unlicensed. The code is obfuscated (intentionally hidden in the source) in the hope that a casual shanzhai observer will miss it.

From looking around the internet, it looks like quite a few devices are turning up brand new with “Demo Purpose Only”. The only easy thing to do is to return it to the retailer that you bought it from.

It is possible some retailers are selling fake or refurbished units (maybe they swapped the WiFi unit or the CPU daughterboard out.) In other cases like this, it looks like units may be shipping from Eken with invalid serial numbers (poor quality control?) Finally, in cases like this it seems that temporary problems with the WiFi may trigger this behaviour for a while, then it fixes itself.

Eken Phone Home

I found it quite surprising that the unit tries to phone home if it thinks its license is invalid. It phones home with 3 details:

A username & password which is decoded from the file /data/wmtpref/custkey (in the firmware itself.)

The MAC address of the wireless adapter

… the very odd thing is that the unit does not phone home to Eken. It phones home to a company called Aiteer, who are also based in Shenzhen but do not seem to have any published relationship with Eken. Aiteer’s web site doesn’t say anything about software development, but I can only guess that they did the firmware development for Eken and possibly related MID/tablet devices using the WM8505 chipset.

Other Thoughts

It’s odd that the firmware locks the user out and tries to phone home, because if the user is locked out then it’s unlikely that they’re going to be able to connect to the internet. Maybe I missed a detail in my reverse-engineering, and the lockout only kicks in every few minutes or something.

Although “phoning home” is pretty common, software phoning home without the knowledge or consent of the user is less common and is often regarded as unethical. I’m glad that in this case no personal information is being sent back, but clearly we’re at the mercy of the manufacturers in this regard. Unlike mainstream manufacturers, companies like Eken have no corporate presence outside of their factory in China – in other countries, the laws that protect consumers are effectively powerless. If you hypothetically did find out that an unscrupulous shanzhai was stealing your personal details, there is no real recourse you could take.

The license check code was obfuscated in the library (libui.so in this case) so that a casual observer would not see it. For example, nothing unusual showed up when I ran ‘strings’ the other day. However, a tiny bit more reverse-engineering shows up a helper method calling base64_decode to decode each of the string constants related to the license check.

The code used to decode the username & password from the customer key, as well as the code used to calculate the serial number, are both trivially simple and anyone with some C programming knowledge can decipher them from the decompiled dump in an hour or two. For this reason, I think that the manufacturers only put in this protection to avoid casual copying of their firmware into another product – anyone serious about ripping them off could spend a couple of hours and generate their own serial numbers, and disable the “phone home” feature, without needing to modify the binary code at all.

Because the serial number is tied to the MAC, I don’t think anyone will be able to replace the WiFi module at all – even though you own the product.

It bothers me a lot that Eken are going to lengths to protect the tiny amount of proprietary code in their product, while not doing anything to fulfill either the legal obligations or the spirit of the substantial open source parts of the product. It bothers me doubly so now that they’ve locked out the root serial console in the latest (1.7.4) firmware release. How do they think that this helps their product?

What is it?

There are a few other cheap models with the same chipset, like the M003 (bigger 8″ screen) and a netbook form factor model.

Summary

You get what you pay for.

Longer Summary

If you want an iPad, but don’t want to spend the cash. Don’t buy this. It’s not in the same league as devices like the iPad

If you want a “tablet device”, just not an iPad because you’re ideologically or tribally opposed to Apple, or you’re sure you need something that the iPad doesn’t do. Don’t buy this either. You’ll be underwhelmed, and eventually it’ll end up gathering dust on a shelf while you look to the next big iPad killer.

If you want a digital photo frame, a clumsy furless chumby, a mediocre tethered video player, or an ebook reader that works in the dark for limited periods. This might prove OK for your needs.

If you just want something to tinker with, then this is a good cheap gizmo to tinker with.

The Good

Price. $99 including shipping anywhere in the world. ‘Nuff said.

LCD. It’s actually pretty good for a cheap LCD display, especially if you’re in low light.

Performance. Pretty good in general, UI is responsive and snappy. Better than an iPhone 2G, similar to a 3GS. Some performance tasks (like video playback, depending on codec & resolution) are a bit limited by the CPU, though.

Community. A small community is forming around the M001. They have already come up with some software improvements. Unfortunately, they are limited by poor vendor support (see below.)

The Bad

Touchscreen. It’s resistive, so it’s never going to be much good for finger presses. My unit has major problems with mis-touches (wrong buttons being pressed) and identifying the difference between a tap and a swipe. Using a stylus didn’t really help, either. I think this might be solvable in software though, with better debouncing in the touchscreen driver.

Build quality. It isn’t going to fall apart immediately, but it’s not built to last. In particular, things like the LEDs are just cheap and nasty – one of the 3 indicator LEDs is enough to light up all 3 recesses, and the area around it.

In indoor lighting, it makes the LEDs really hard to read (only one is on in this shot!):

In darkness, the whole thing glows:

Fake chrome around the LCD. What were they thinking? Looks good in promo shots, means you have a reflection of your face any time you use the device in bright light. Really bad usability choice.

Battery Life. Seems like 2-3 hours is the norm, and the battery runs down at almost the same rate when the device is idle compared to when it is in use. Probably a driver problem, but whether it can/will be fixed is up in the air.

Accelerometer. Way too sensitive, the tablet flips orientation at any chance – including just when laid down on a table. Another driver sensitivity issue, I’m guessing.

Android 1.6. Lack of 3D acceleration, and only 128Mb of RAM, give the general opinion that Android 1.6 will be the last version that runs well on this device. That said, noone has actually run 2.x on it yet.

Bad vendor support. Eken haven’t released any of the GPL sources that they’re required to release. Not only is this in violation of the license, it prevents community members from working together to improve the software and the device performance. If I had to pick one thing that limits the potential for the M001, this would be it.

I think in this market a vendor who really nurtured open source development, and swiftly incorporated improvements back into the official software updates, would find a real competitive advantage – the product would still be cheap, but the software and driver layers would be less buggy and restrictive.

Conclusion

I didn’t buy this as a tablet (I bought it for a robot platform), so maybe I’m not the best person to review it as a tablet. However, I can’t see myself ever reaching for the M001 to perform anything but the simplest of tasks – watching a video I’d already loaded on it, for example.

My prediction is that in 3 months, pending some amazing community software developments, many of the models sold to date will be gathering dust in a corner.

I’m a bit late to the party on this one. I’ve read all of the big ranty iPhone and iPad arguments. I’ve worried a little about the monoculture that the iPhone represents. I decided these were mostly ivory tower arguments. Meaningful for geeks and technorati, but not for anyone much else.

I changed my mind this weekend.

This weekend I attended the National Folk Festival here in Canberra. Folk Festivals are a celebration of traditional folk music and folk arts. With a smattering of other musical traditions and innovations, the focus is on traditional musical instruments played in traditional folk styles.

As far as I can see, it’s about as far from Silicon Valley as you can get without winding up in Deliverance.

This year, National Folk Festival has an iPhone app.

History of the NFF Programme

1967-

printed on paper

2000

also available as HTML

2003-

also available as PDF

2010

also available as iPhone app

This is a pretty momentous innovation.

Don’t get me wrong, it really is an innovation. At a festival where a dozen performers are playing at any given time, finding out what’s on is hard. Being able to see it quickly and easily on your mobile phone is extremely useful.

I’m worried because, as in all things, it’s an iPhone App. If you were a Mac or Linux user around 1999, you were probably familiar with web sites that required “Windows 95 & Internet Explorer 5 or Better”. They didn’t work on your computer, or they only half worked.

We now have the same situation, ironically rearranged. If you have any other mobile phone, you are a second class online citizen. Everywhere, up to and including folk festivals.

Yes, you can probably read the PDFs on the web site. No, that’s not going to be very good. The iPhone app, on the other hand, is great.

Is there an alternative approach? Maybe. The NFF site is powered by WordPress. “Mobile site” plugins exist that could format the programme for various mobile browsing devices. With some CSS wizards at the helm, I’m sure it could be quite nice.

Would that experience be as good as the iPhone app? I doubt it. The iPhone app that Bonobo Labs have made is really slick. On the iPhone, I think it could be recreated as a web site for Mobile Safari. However, I don’t think it could reach that standard for every single mobile device. The standards and the frameworks aren’t really there, and the browsers aren’t all up to it.

Making something that at least works on other phones is, however, very possible.

So what’s the point to this rant, then? Nothing really, except that I think it’s worth worrying about. In 2000 I was proud that I wasn’t stuck with Internet Explorer 5 “or better”. The alternatives were innovative and they helped dig the web out of a monoculture of ActiveX controls and bad proprietary HTML.

In 2010 I have an iPhone. I’m guilty about liking this monoculture so much. How are competitors going to innovate, short of providing a phone with a full Apple App Store compatibility layer? Is this really today’s IE 5?

I believe that anyone with the right information can cost a user on the Virgin Mobile cellular network around $575 an hour in excess usage charges. The unlucky user might not find out that this is happening for up to two days. That’s almost $28000 in possible excess usage. This can be done using general purpose tools, available to anyone with a computer.

Although I have investigated this for Virgin, a similar statement is probably also true for Optus and may also be true for other mobile carriers in Australia.

The reason is a combination of the carrier’s pricing policies, and the open nature of the internet.

$2097 worth of internet access for just $15 a month

I’ve been using my iPhone “tethered” for internet access. I’m waiting until ADSL2+ gets installed at our new flat, and I decided to use my Virgin Mobile “1 Gigabyte” data plan tethered to my computer.

1Gb of data with Virgin Mobile costs $15 a month. If you were to use 2Gb in a month, it will cost you $2097. That’s right: the second gigabyte costs 140 times more than the first. The delay between using that data and finding out can be up to two days.

Virgin isn’t at all alone in this, although their excess charges are the most expensive I could find. Here’s a summary of some common carriers and sample data plans:

Carrier

Data Plan Cost

Allowance

Excess

Cost, 2x allowance

Ratio

Virgin Mobile

$15/mo

1Gb

$2.04 per Mb(1)

$2097

140:1

Optus

$19.99/mo

1Gb

$0.35 / $0.50 per Mb2

$358 / $512

18:1 / 26:1

Three

$20/mo

2Gb

$0.10 per Mb

$205

10:1

Vodafone

$4.95/mo3

200Mb

$0.12 per Mb

$24

4.8:1

Telstra

$59/mo

1Gb

$0.25 per Mb

$256

4.4:1

1 On the Virgin Mobile web site this is written as 0.2c/kb, which sounds a lot smaller than the others but is actually substantially higher.2 The excess rate is higher if you’re a month-by-month customer instead of on a contract.3 One year contract. Vodafone have larger data allowances built into some of their call plans. Same excess usage charge.

If you read online forums like whirlpool, you can find dozens of people reporting massive bills on various carriers, up to the thousands of dollars. In some cases, people claim that they cannot identify the cause of the excess data usage.

The Internet does not care about excess usage

Because of the nature of the internet, a third party can rack up thousands of dollars in charges on my phone. Right now.

If you’re on a Virgin Mobile connection, you have a publicly accessible IP address on the internet. The same is probably true for Optus, as they share a network. By itself, this is a good thing. It enables full access to the internet. However, it also makes it very easy for people to send you unwanted data.

(Translated, this means: Send 1000 “Are you there?” echo requests to the internet address of my phone. Send them 100 times a second, and attach 1 kilobyte of data to each request. Ask the other end to send the data back, to prove they got it OK.)

This caused at least 868kb (probably more) worth of data to be charged to my 3G iPhone, in 11 seconds. This was on a fairly poor link (2 bars out of 5.)

868kb is $1.74 in Virgin Mobile excess charges. Charged to me, remotely, without needing my knowledge or consent. Keep doing it repeatedly, and it adds up. You can burn an entire 1Gb quota in less than four hours. From then on it’s around $575 for every hour you keep it running. Thanks to Virgin Mobile’s monitoring policy, it could be two days before anyone even notices. By then, it could be pushing $28000.

The problem isn’t the ‘ping’ command. There are dozens of other ways to send unsolicited data to an IP address: UDP packets, TCP SYN requests, not to mention any open ports on your smartphone that will actually receive data.

This kind of data usage can easily happen by accident. For instance, mistakes with tearing down data streams can easily happen. If a server keeps streaming data to you incorrectly, you’ll still pay.

The real problem is Virgin Mobile’s data charges. While they would be sensible with dial-up in 1996, they are excessive in 2010.

Other Practices

Virgin Mobile has some other practices which can make it easy for excess usage charges to rack up.

Confusing Language.

0.2c/kb can be a confusing term for non-technical people. No other Australian mobile carrier that I could find lists their excess data rate by the kilobyte.

Virgin Mobile’s advertising material explains that 1Gb a month is good “for those who always use the web”. I could not find an explanation of how 0.2c/kb compares to this quota, or an explanation of how “always using the web” too much could cost hundreds of dollars. My Mum understands “for those who always use the web.” She does not understand 0.2c/kb.

Misleading Tools

Virgin Mobiles’ broadband usage meter “may not include last 2 days usage [sic]”. With 3G download rates, you could blow an entire quota in a few short hours. So you never know exactly where you stand.

Virgin Mobile’s monitoring page also contains the following usage graph:

In the above graph, the download quota is exhausted one third of the way across. So it could also be shown like this, although it isn’t:

It also shows up to a theoretical 2.6Gb of downloads. Here is the same graph, with my modifications showing what it would actually cost to download all that data:

That’s $3,292 on the far right.

Late notifications

Virgin has a per-customer credit limit. On a current $50 plan it would be $600 . Phone access will be cut off if the customer exceeds their limit, for their own protection.

However, because of the two day delay, tens of thousands of dollars in usage can be accrued before the credit limit even kicks in. Users posting on Whirlpool suggest that, in this case, the credit limit is not the limit of a customer’s liability.

What could be done?

I have some suggestions, that would mitigate this problem.

Limit the ratio of excess charges. 140:1 seems unjustifiable to me. If necessary, the ACMA should regulate that excess charges cannot exceed 10x the base charge rate for the same service.

Better monitoring. Most ISPs have their usage meter update in a matter of hours. I would like to see a reasoned, technically informed, explanation of why a usage meter must take two days to update.

Better alerts. Internode notify me if I have used 70% of my monthly usage quota, and again if I have used 95%. I see no reason why mobile carriers should not be able to do the same.

Capped data plans. Excess usage charges were the norm for Australian ISPs in the 1990s. To compete, innovative ISPs offered “unlimited” data plans, which shaped you when you exceeded your quota. Those are now the norm. I think a mobile carrier that introduced a similar policy, even if the base data allowance was substantially less than 1Gb, could that find it was a “game changer” in the Australian market.

Ironically, Virgin already do this with their mobile broadband plan, which offers 4Gb of capped data and unlimited phone calls, over the 3G network from home, for just $80 a month.

I first read about the Engineyard Programming Contest yesterday and I thought it was a silly contest, winnable only through the application of raw brute force.

For some reason, I woke up this morning obsessed with it. This is despite the fact that this “competition” is basically a lottery, in which you buy tickets with basic programming skills and large amounts of computing time.

In the spirit of sharing, I have a few (fairly obvious) things I’ve noticed in an evening of messing around.

I’m not any kind of cryptographer, but from what I know about the known weaknesses in SHA-1, none of them will apply significantly to this contest. Maybe I’m wrong though.

The Avalanche effect means you don’t have to change much in the input to see a big change in the output. So making large changes (whole word permutations) is a waste of cycles.

Permutating the word list at all is almost unnecessary. One core on my 2.2Ghz Macbook pro takes 45 minutes to check all 7.7 billion combinations of printable five-character strings for a single word list combination. Once you add the possibilities for varying capitalisation in a single sentence (at least 2^40), you have more permutations in a single word list string than a single core can run in many times the 30 hours of test time. So distributing word list permutations is, at most, the “top level” job to distribute work to each cpu.

SHA-1 uses 64-byte blocks so if your total string is more than 64 bytes and the first 64 bytes don’t change, you can calculate that hash separately just once. Testing on an 85-character test string (the one from the competition blog posting), this got me from 1.6 million hash checks per second per core to 2.5 million/second/core.

Using gcc’s __builtin_popcount() and/or the x86 popcntl instruction lets you compute hamming distance in a handful of instructons.

None of this matters at all, although it’s fun to think about. Even with all these optimisations, I still have at most 16 cores (work and home) to run this on. The winner will have hundreds or thousands of parallel cores at their disposal.

Programming skills seem to only play a minor part. Several hours of optimisation only yielded me a 60% improvement compared to my original naive C program. Although, one of the posters on HN suggested he was only getting a tenth of that performance, which suggests a combination of language choice and savvy performance design may be statistically significant in the long run.

I will laugh if the winner is a shady programmer with a medium sized botnet as his or her disposal.

Does anyone have any more optimisations to share? Despite it being kinda pointless, I find this kind of thing really interesting. I honestly don’t plan to enter, except for maybe out of curiosity to see how close a single consumer computer can get to the winning results.